BEC
BEC is the acronym for Business Email Compromise.

Business Email Compromise
Business Email Compromise is a sophisticated form of cybercrime that has become increasingly prevalent. It is a type of targeted email scam that primarily affects organizations, especially those that conduct wire transfers or have suppliers abroad.
In a BEC attack, cybercriminals impersonate high-level executives, trusted vendors, or other legitimate business contacts to deceive employees into transferring funds or sharing sensitive information. These attacks are often highly targeted and well-researched, making them difficult to detect.
Key characteristics of BEC attacks include:
- Social engineering: Attackers use psychological manipulation to trick victims into taking action.
- Spoofed or compromised email accounts: Criminals may use lookalike domains or hack into legitimate email accounts.
- Urgent requests: Messages often create a sense of urgency to prompt quick action without thorough verification.
- Bypassing of traditional security measures: BEC attacks often don’t contain malware or suspicious links, making them harder for standard email filters to catch.
- High potential for financial loss: According to the FBI, BEC scams have resulted in billions of dollars in losses for businesses worldwide.
Common BEC scenarios include:
- CEO fraud: Impersonating a company executive to request urgent wire transfers.
- Invoice fraud: Posing as a vendor to change payment details for upcoming invoices.
- Data theft: Requesting sensitive information like employee W-2 forms or customer data.
To protect against BEC, organizations should implement strong email authentication protocols, conduct regular security awareness training for employees, and establish strict verification procedures for financial transactions and data requests.
- Abbreviation: BEC